template: escape untrusted names in locale strings piped through Safe (#8176)

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ᴊᴏᴇ ᴄʜᴇɴ
2026-02-12 21:42:23 -05:00
committed by GitHub
parent a000f0c7a6
commit ac21150a53
4 changed files with 16 additions and 5 deletions

.claude/commands/ghsa.md Normal file
View File

@@ -0,0 +1,11 @@
Analyze and help fix the GitHub Security Advisory (GHSA) at: $ARGUMENTS
Steps:
1. Fetch the GHSA page using `gh api repos/gogs/gogs/security-advisories` and understand the vulnerability details (description, severity, affected versions, CWE).
2. Verify the reported vulnerability actually exists, and why.
3. Identify the affected code in this repository.
4. Propose a fix with a clear explanation of the root cause and how the fix addresses it. Check for prior art in the codebase to stay consistent with existing patterns.
5. Implement the fix. Only add tests when there is something meaningful to test at our layer.
6. Run all the usual build and test commands.
7. Create a branch named after the GHSA ID, commit, and push.
8. Create a pull request with a proper title and description, do not reveal too much detail and link the GHSA.
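Review bot: step 1's command fetches every advisory for the repository rather than the one named in `$ARGUMENTS`; the GitHub REST endpoint takes the advisory id as a path segment, so `gh api repos/gogs/gogs/security-advisories/$ARGUMENTS` returns just that GHSA. Step 2 should also say what "verify" means in practice (trace the reported input to the sink in this code base, or reproduce against an affected version) so the check is not skipped when the description merely sounds plausible.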

View File

@@ -14,7 +14,7 @@
<div class="ui eleven wide column">
{{if .IsProtected}}<i class="octicon octicon-shield"></i> {{end}}<a class="markdown" href="{{$.RepoLink}}/src/{{EscapePound .Name}}"><code>{{.Name}}</code></a>
{{$timeSince := TimeSince .Commit.Committer.When $.Lang}}
<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}}</span>
<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}</span>
</div>
<div class="ui four wide column">
{{if and (and (eq $.BranchName .Name) $.IsRepositoryAdmin) (not $.Repository.IsMirror)}}
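Review bot: the root cause is that `| Safe` marks the whole translated string as trusted HTML, which switches off html/template's contextual escaping for every argument substituted into it; the committer name comes from git commit metadata and is set by whoever pushes, so it is untrusted, unlike the `{{.Name}}` in the `<code>` element above, which html/template still escapes. Wrapping the name in `Sanitize` matches the other call sites in this patch, but confirm what `Sanitize` does with a bare `<`, `>`, `&` or `"`: a policy that only strips tags can leave these characters in the output and still mangle the surrounding markup. If plain text is all that is wanted here, the built-in `html` function (`(html .Commit.Committer.Name)`) entity-encodes unconditionally and is the more predictable choice.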

View File

@@ -13,7 +13,7 @@
<div class="ui eleven wide column">
{{if .DefaultBranch.IsProtected}}<i class="octicon octicon-shield"></i> {{end}}<a class="markdown" href="{{$.RepoLink}}/src/{{EscapePound .DefaultBranch.Name}}"><code>{{.DefaultBranch.Name}}</code></a>
{{$timeSince := TimeSince .DefaultBranch.Commit.Committer.When $.Lang}}
<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince .DefaultBranch.Commit.Committer.Name | Safe}}</span>
<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .DefaultBranch.Commit.Committer.Name) | Safe}}</span>
</div>
{{if and $.IsRepositoryAdmin (not $.Repository.IsMirror)}}
<div class="ui four wide column">
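Review bot: this is the first of three byte-identical fixes in this file (default branch, then the two branch lists below), on top of the same line in the previous template. A missed call site is the most likely way this regresses, so consider moving the escaping into the helper instead: a `Tr`-style function that HTML-escapes its arguments before substitution, or a convention in which markup stays in the template and only plain text is translated, would make `| Safe` unnecessary on these lines and leave html/template's auto-escaping in force.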
@@ -33,7 +33,7 @@
<div class="ui eleven wide column">
{{if .IsProtected}}<i class="octicon octicon-shield"></i> {{end}}<a class="markdown" href="{{$.RepoLink}}/src/{{EscapePound .Name}}"><code>{{.Name}}</code></a>
{{$timeSince := TimeSince .Commit.Committer.When $.Lang}}
<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}}</span>
<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}</span>
</div>
{{if and $.IsRepositoryWriter $.AllowPullRequest}}
<div class="ui four wide column">
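Review bot: no test accompanies the change. Rendering this template with a fixture committer name containing `<`, `>` and `&` and asserting that the output contains the entity-encoded form and no raw `<` would be a meaningful check at this layer, since it pins the interaction between `Sanitize` and `Safe` rather than either function on its own.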
@@ -55,7 +55,7 @@
<div class="ui eleven wide column">
{{if .IsProtected}}<i class="octicon octicon-shield"></i> {{end}}<a class="markdown" href="{{$.RepoLink}}/src/{{EscapePound .Name}}"><code>{{.Name}}</code></a>
{{$timeSince := TimeSince .Commit.Committer.When $.Lang}}
<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince .Commit.Committer.Name | Safe}}</span>
<span class="ui text light grey">{{$.i18n.Tr "repo.branches.updated_by" $timeSince (Sanitize .Commit.Committer.Name) | Safe}}</span>
</div>
{{if and $.IsRepositoryWriter $.AllowPullRequest}}
<div class="ui four wide column">
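Review bot: `$timeSince` still passes through the same `| Safe` unsanitised. From the call on the line above it is built only from `.Commit.Committer.When` and `$.Lang`, both server-controlled, so that is acceptable, but a short comment stating that `TimeSince` output must never carry user data would stop a later change from adding a user-supplied argument to this string without escaping it.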

View File

@@ -58,7 +58,7 @@
{{end}}
<div class="ui sub header">
{{$timeSince := TimeSince .Author.When $.Lang}}
{{.i18n.Tr "repo.wiki.last_commit_info" .Author.Name $timeSince | Safe}}
{{.i18n.Tr "repo.wiki.last_commit_info" (Sanitize .Author.Name) $timeSince | Safe}}
</div>
</div>
<div class="markdown has-emoji">
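Review bot: same fix as the branch templates, with the argument order of `repo.wiki.last_commit_info` (name before time) correctly preserved. Wiki commits are authored by whoever edits the page, so `.Author.Name` is user-controlled in the same way as the branch committer name; the `{{end}}` at the top of the hunk indicates an earlier branch of this block, so it is worth confirming that no other `| Safe` path in this template renders `.Author.Name` or a related author field that this diff does not touch.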